Fraud platform pilot: launching a fraud detection loop in 6 months

Context

A regional operator. CFO notices a mismatch between gross revenue from billing and net collections. Internal audit finds “isolated cases” but there is no systematic process.

CIO reluctantly: “maybe there are no losses, the audit methodology is just outdated”. CFO holds the line.

Diagnostic (5 weeks)

Sample reconciliation across 4 loops:

Subscription fraud — 0.6% of activations with signs of a fictitious customer (non-existent documents, repeat use of one ID).

International revenue share fraud — 8 known fraud schemes in the industry, 5 of them active on the network.

Roaming wholesale leakage — 12% of interconnect billing disputes unresolved for >6 months.

Bypass fraud (SIM-box) — estimated 0.4% of trunk traffic with anomalous patterns.

Total estimated leakage: 2.1% of revenue. At the operator’s size this is material.

Approach (6 months)

Phased pilot, not “everything at once”.

Months 1-2. Subscription fraud detection. Real-time scoring at activation, network-pattern check in the first 7 days. Decline rate rose from 0.4% to 1.1%, fraud per month −68%.

Months 2-4. International revenue share. Pattern-based detection of trunk anomalies. Block + dispute mechanism with partner operators.

Months 4-6. Bypass fraud. Test calls to own premium numbers via various routes, identify SIM-boxes. Field operations for confiscation.

Roaming wholesale — a separate workstream under finance, not engineering.

Results

After 6 months:

• Subscription fraud −60%, recurring saving ≈$2-4M annualised.
• IRSF blocked ≈$800k over 6 months.
• Bypass fraud — 14 SIM-boxes confiscated, recovery ≈$300k.
• Roaming disputes — 8 of 14 resolved, recovery ≈$1.5M.

Total recovered run-rate ~$5M annualised.

What is critical

CFO sponsorship. Every fraud block touches someone — dealer, partner, customer. Without CFO cover those blocks get reversed.

Fraud team as a separate function (not in IT, not in operations). Independence is mandatory.

Tool selection — not “best vendor” but “vendor with patterns for our region”. Global vendors often do not know local fraud schemes.

Operating routine — weekly review of detected vs missed cases, monthly executive review.

What would not have worked

Big-bang rollout of all loops at once. Capacity to investigate underwhelms, false positives blow up.

Outsource fraud entirely to a vendor. Without internal capability — vendor scope creeps, costs balloon.

Treating fraud as a pure-tech problem. 60% of the work is operations and legal, not algorithms.

How SamaraliSoft engages

An engagement of this class — 6-9 months. Initial assessment 4-6 weeks, phased pilot, knowledge transfer to the in-house team.

Related

• /en/solutions/telecom-fraud-platform/ — fraud platform
• /en/solutions/telecom-revenue-assurance-platform/ — RA
• /en/insights/telecom-fraud-economics/ — fraud economics
• /en/use-cases/telecom-sim-swap-detection/ — SIM swap